The present disclosure generally relates to a virtual environment, and more particularly to security in a virtual environment.
A firewall may provide a barrier between a network and the outside world. For example, in an organizational setting, a dedicated firewall may be placed between the organization's network and the outside world. A security administrator in the organization may be tasked with deciding how to implement the firewall. The security administrator may place a router that has built-in firewall capabilities between the organization's network and the outside world. Alternatively, the security administrator may place a server that is dedicated solely to running firewall software. Some operating systems may include built-in packet-filtering capabilities, and the security administrator may decide to install such an operating system on the dedicated server. The security administrator may buy the server, and install and configure the proper software on the server.
As organizations move their assets into the cloud and the use of virtual environments by organizations increases, the above-mentioned technique of deploying a firewall may not suffice to secure a virtual environment. For example, in a non-virtualized environment each server in a network may be connected to a unique switch that is then routed into the firewall. The servers may be physically segregated from each other and the only point of connectivity between the servers may be via the physical firewall. In a virtualized environment, however, many virtual machines may reside in a host machine. A virtual machine is a portion of software that, when executed on appropriate hardware, creates an environment allowing the virtualization of certain functionality of a physical computer system. A virtual machine may function as a self-contained platform, running its own operating system (OS) and software applications (processes). A malicious user may break out of a virtual machine and compromise the host machine.
Further, integrating the firewall into the virtual environment may be difficult. A security administrator may be tasked with configuring the firewall and the virtual machines running on the host machine to use the firewall. This may be a manual process that proves to be tedious and time-consuming. Additionally, moving the firewall may be a tedious and time-consuming process.